Terminate multiple TLS domains, with both Fly and custom certificates

I’m interested in running a normal web app (e.g. on https://example.com) and using Fly to manage certificates for me, but I also want to host a special domain (https://iot.example.com) where I want to use mutual TLS and serve my own certificate for that purpose.

Is there a way to configure multiple domains running on 443 but use Fly’s tls and https handler on only one of them, and do TCP passthrough for the other?

Not possible today.

You can however deploy two Fly apps (one that uses Fly-terminated TLS and the other that doesn’t). That’s what we do.

It’d be rad to be able to do so, but it requires changes to the way Fly proxy works. Possibly, sniffing SNI (optionally, making it compliant with the ECH standard) and deciding whether to terminate TLS or pass it through.

cc: @jerome